![]() ![]() gh-100001: python -m rver no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log.Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands to address CVE-2015-20107.Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier. This was a potential privilege escalation. This prevents Linux CVE-2022-42919 (potential privilege escalation) as abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. ![]() Only code that chooses to use the “forkserver” start method is affected.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |